Privacy by Design

Privacy by Design (PbD) is the international framework dedicated to protecting privacy by embedding it into the design of technologies and business practices. PHEMI has taken into account the 7 Foundational PbD principles throughout its entire system design, and the result is PHEMI’s unique Zero Trust Data framework.

The 7 Foundational Principles of Privacy by Design are as follows:

1. Privacy should be proactive, not reactive, and preventative rather than remedial.

Organizations must not wait to address risks after they materialize. They must prevent them from occurring by tightly defining how data is stored and who is allowed to access it.

2. Privacy must be the default setting.

Any data stored should be automatically protected in any business system or practice. No action should be required to “turn on” privacy.

3. Privacy should be embedded into system design.

No data should be stored—much less accessed—without clear privacy and governance parameters associated with it.

4. Privacy and governance must operate end to end.

Privacy should apply from before the first element is collected through the entire lifecycle of the data involved.

5. Data systems should be positive-sum, not zero-sum.

The system should be able to retain full functionality, even with privacy protection. There should be no trade-offs between privacy and security, or security and usability.

6. Privacy must be transparent.

Users and providers of data, as well as independent parties, should be able to verify that privacy mechanisms are operating as expected.

7. Privacy should be user-centric.

Data systems must keep the interests of the individual foremost through mechanisms like strong privacy defaults, appropriate notice, and usability.